P4ADEV-1264-P4PA-AUTH-handle-client-credential-piattaforma-unitaria-v…

…ia-env
pagopa · Oct 23, 2024 · 58343f3 · 58343f3
1 parent c7f1cf2
commit 58343f3
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 3 deletions.
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -88,6 +88,8 @@ microservice-chart:
 
     DATA_CIPHER_P4PA_AUTH_HASH_KEY: p4pa-auth-hash-key
     DATA_CIPHER_P4PA_AUTH_ENCRYPT_PSW: p4pa-auth-encrypt-psw
+
+    PIATTAFORMA_UNITARIA_CLIENT_SECRET: piattaforma-unitaria-client-secret
   # nodeSelector: {}
 
   # tolerations: []

diff --git a/.../java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestService.java b/.../java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestService.java
@@ -3,24 +3,54 @@
 import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException;
 import it.gov.pagopa.payhub.auth.mapper.ClientMapper;
 import it.gov.pagopa.payhub.model.generated.ClientDTO;
+import org.springframework.beans.factory.annotation.Value;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 @Service
 @Slf4j
 public class AuthorizeClientCredentialsRequestService {
+	private static final String ERROR = "Unauthorized client for client-credentials";
+	private static final String REGEX = "^(\\w+\\s*)(piattaforma-unitaria\\b)$";
 	private final ClientService clientService;
 	private final ClientMapper clientMapper;
+	private final String clientSecretEnv;
 
-	public AuthorizeClientCredentialsRequestService(ClientService clientService, ClientMapper clientMapper) {
+	public AuthorizeClientCredentialsRequestService(
+			@Value("${piattaforma-unitaria-client-secret}") String clientSecretEnv,
+			ClientService clientService,
+			ClientMapper clientMapper) {
 		this.clientService = clientService;
 		this.clientMapper = clientMapper;
+		this.clientSecretEnv = clientSecretEnv;
 	}
 
 	public ClientDTO authorizeCredentials(String clientId, String clientSecret) {
+		Matcher matcher = Pattern.compile(REGEX).matcher(clientId);
+		if (matcher.matches()) {
+			return retrieveByEnvProperties(clientId, matcher.group(1), matcher.group(2), clientSecret);
+		}
+		return retrieveByCollection(clientId, clientSecret);
+	}
+
+	private ClientDTO retrieveByCollection(String clientId, String clientSecret) {
 		return clientService.getClientByClientId(clientId)
 			.map(clientMapper::mapToDTO)
 			.filter(dto -> dto.getClientSecret().equals(clientSecret))
-			.orElseThrow(() -> new ClientUnauthorizedException("Unauthorized client for client-credentials"));
+			.orElseThrow(() -> new ClientUnauthorizedException(ERROR));
+	}
+
+	private ClientDTO retrieveByEnvProperties(String clientId, String organizationIpaCode, String clientName, String clientSecret) {
+		if (!clientSecret.equals(clientSecretEnv))
+			throw new ClientUnauthorizedException(ERROR);
+		return ClientDTO.builder()
+			.clientId(clientId)
+			.clientName(clientName)
+			.organizationIpaCode(organizationIpaCode)
+			.clientSecret(clientSecret)
+			.build();
 	}
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -67,3 +67,5 @@ app:
 data-chiper:
     p4pa-auth-hash-key: "\${DATA_CIPHER_P4PA_AUTH_HASH_KEY:PEPPER}"
     p4pa-auth-encrypt-psw: "\${DATA_CIPHER_P4PA_AUTH_ENCRYPT_PSW:PSW}"
+
+piattaforma-unitaria-client-secret: "\&{PIATTAFORMA_UNITARIA_CLIENT_SECRET:SECRET}"
diff --git a/...a/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestServiceTest.java b/...a/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestServiceTest.java
@@ -14,6 +14,8 @@
 
 import java.util.Optional;
 import java.util.UUID;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 @ExtendWith(MockitoExtension.class)
 class AuthorizeClientCredentialsRequestServiceTest {
@@ -24,9 +26,11 @@ class AuthorizeClientCredentialsRequestServiceTest {
 	private ClientMapper clientMapperMock;
 	private AuthorizeClientCredentialsRequestService service;
 
+	private static final String REGEX = "^(\\w+\\s*)(piattaforma-unitaria\\b)$";
+
 	@BeforeEach
 	void init() {
-		service = new AuthorizeClientCredentialsRequestService(clientServiceMock, clientMapperMock);
+		service = new AuthorizeClientCredentialsRequestService("SECRET", clientServiceMock, clientMapperMock);
 	}
 
 	@Test
@@ -47,6 +51,7 @@ void givenRightCredentialsWhenAuthorizeCredentialsThenOk() {
 
 		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenReturn(Optional.of(mockClient));
 		Mockito.when(clientMapperMock.mapToDTO(mockClient)).thenReturn(expectedClientDTO);
+		Assertions.assertFalse(Pattern.compile(REGEX).matcher(clientId).matches());
 		// When
 		ClientDTO actualClientDTO = service.authorizeCredentials(clientId, clientSecretMock);
 		// Then
@@ -59,6 +64,7 @@ void givenUnexpectedClientIdCredentialsWhenAuthorizeCredentialsThenClientUnautho
 		String clientId = "UNEXPECTED_CLIENT_ID";
 		String clientSecretMock = UUID.randomUUID().toString();
 
+		Assertions.assertFalse(Pattern.compile(REGEX).matcher(clientId).matches());
 		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenThrow(new ClientUnauthorizedException("error"));
 		// When, Then
 		Assertions.assertThrows(ClientUnauthorizedException.class, () -> service.authorizeCredentials(clientId, clientSecretMock));
@@ -80,10 +86,43 @@ void givenUnexpectedClientSecretCredentialsWhenAuthorizeCredentialsThenClientUna
 			.clientSecret(UUID.randomUUID().toString())
 			.build();
 
+		Assertions.assertFalse(Pattern.compile(REGEX).matcher(clientId).matches());
 		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenReturn(Optional.of(mockClient));
 		Mockito.when(clientMapperMock.mapToDTO(mockClient)).thenReturn(expectedClientDTO);
 
 		// When, Then
 		Assertions.assertThrows(ClientUnauthorizedException.class, () -> service.authorizeCredentials(clientId, clientSecret));
 	}
+
+	@Test
+	void givenSystemUserWhenMatcherThenAssertionOk() {
+		// Given
+		String clientId = "IPA_TEST_2piattaforma-unitaria";
+		String clientSecretEnv = "SECRET";
+		Matcher matcher = Pattern.compile(REGEX).matcher(clientId);
+
+		// When
+		ClientDTO actualClientDTO = service.authorizeCredentials(clientId, clientSecretEnv);
+		Assertions.assertTrue(matcher.matches());
+		// Then
+		Assertions.assertEquals(
+			ClientDTO.builder()
+				.clientId(clientId)
+				.organizationIpaCode(matcher.group(1))
+				.clientName(matcher.group(2))
+				.clientSecret(clientSecretEnv)
+				.build()
+			, actualClientDTO);
+	}
+
+	@Test
+	void givenSystemUserWhenMatcherThenClientUnauthorizedException() {
+		// Given
+		String clientId = "IPA_TEST_2piattaforma-unitaria";
+		Matcher matcher = Pattern.compile(REGEX).matcher(clientId);
+
+		// When, Then
+		Assertions.assertTrue(matcher.matches());
+		Assertions.assertThrows(ClientUnauthorizedException.class, () -> service.authorizeCredentials(clientId, "UNEXPECTED_SECRET"));
+	}
 }